[lfs-support] 6.06 Creating Essential Files and Symlinks

2012-02-13 Thread Qrux 
After installing OpenSSH,  I'm seeing errors like this:

sshd[1226]: Excess permission or bad ownership on file /var/log/btmp

Quick google turns up:

https://issues.rpath.com/browse/RPL-1825

TL;DR - I think we ought to change the last few lines from this:

touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chgrp -v utmp /var/run/utmp /var/log/lastlog
chmod -v 664 /var/run/utmp /var/log/lastlog

to this:

touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
chmod -v 664 /var/run/utmp /var/log/lastlog
chmod -v 0600 /var/log/btmp

Does anyone see an issue with changing the group and perms of /var/log/btmp to 
fit SSH's expectations?

Q

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Re: [lfs-support] 6.06 Creating Essential Files and Symlinks

2012-02-13 Thread Andrew Benton 
On Mon, 13 Feb 2012 04:01:55 -0800
Qrux qrux@gmail.com wrote:

 After installing OpenSSH,  I'm seeing errors like this:
 
   sshd[1226]: Excess permission or bad ownership on file /var/log/btmp
 
 Quick google turns up:
 
   https://issues.rpath.com/browse/RPL-1825
 
 TL;DR - I think we ought to change the last few lines from this:
 
   touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
   chgrp -v utmp /var/run/utmp /var/log/lastlog
   chmod -v 664 /var/run/utmp /var/log/lastlog
 
 to this:
 
   touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
   chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
   chmod -v 664 /var/run/utmp /var/log/lastlog
   chmod -v 0600 /var/log/btmp
 
 Does anyone see an issue with changing the group and perms of /var/log/btmp 
 to fit SSH's expectations?

I agree, if we create /var/log/btmp it should be chmod 600, but I
wonder, do we need it? Does anything use it?

Andy
-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Re: [lfs-support] 6.06 Creating Essential Files and Symlinks

2012-02-13 Thread Bruce Dubbs 
Andrew Benton wrote:
 On Mon, 13 Feb 2012 04:01:55 -0800
 Qrux qrux@gmail.com wrote:
 
 After installing OpenSSH,  I'm seeing errors like this:

  sshd[1226]: Excess permission or bad ownership on file /var/log/btmp

 Quick google turns up:

  https://issues.rpath.com/browse/RPL-1825

 TL;DR - I think we ought to change the last few lines from this:

  touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
  chgrp -v utmp /var/run/utmp /var/log/lastlog
  chmod -v 664 /var/run/utmp /var/log/lastlog

 to this:

  touch /var/run/utmp /var/log/{btmp,lastlog,wtmp}
  chgrp -v utmp /var/run/utmp /var/log/{lastlog,btmp}
  chmod -v 664 /var/run/utmp /var/log/lastlog
  chmod -v 0600 /var/log/btmp

 Does anyone see an issue with changing the group and perms of
/var/log/btmp to fit SSH's expectations?

 I agree, if we create /var/log/btmp it should be chmod 600, but I
 wonder, do we need it? Does anything use it?

The command 'lastb' uses btmp.

I changed the permissions in svn.

   -- Bruce
-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Re: [lfs-support] 6.06 Creating Essential Files and Symlinks

2012-02-13 Thread Andrew Benton 
On Mon, 13 Feb 2012 13:23:48 -0600
Bruce Dubbs bruce.du...@gmail.com wrote:

 The command 'lastb' uses btmp.

It's true lastb can use /var/log/btmp, but only to read its contents.
If nothing in LFS is writing to the file, do we need to create it in
LFS? Wouldn't it be more sensible to create it in BLFS, on the ssh page?

Andy
-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page

Re: [lfs-support] 6.06 Creating Essential Files and Symlinks

2012-02-13 Thread Qrux 

On Feb 13, 2012, at 4:07 PM, Andrew Benton wrote:

 On Mon, 13 Feb 2012 13:23:48 -0600
 Bruce Dubbs bruce.du...@gmail.com wrote:
 
 The command 'lastb' uses btmp.
 
 It's true lastb can use /var/log/btmp, but only to read its contents.
 If nothing in LFS is writing to the file, do we need to create it in
 LFS? Wouldn't it be more sensible to create it in BLFS, on the ssh page?

It's not just about readers.  It's also about writers.

/var/log/btmp:
Log of all attempted bad logins to the system. Accessed via the lastb 
command.

Empirical testing shows that login writes to btmp.  I infer, from that 
description given at TLDP, that everything that logs a bad-login attempt (e.g., 
login) ought to be writing to this file.  It is NOT an SSH-specific thing.

I assumed that since LFS was creating it in the first place, that LFS was the 
right place to keep it.  Unfortunately, the default LFS perms break downstream 
assumptions about /var/log/btmp, and that's what's being fixed.

Q

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page